mirror/fosrl.pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2025-08-09 20:35:28 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Local sites working

Browse source
This commit is contained in:
Owen Schwartz 2025-01-12 13:09:30 -05:00
parent 4c7581df4f
commit 161e87dbda
No known key found for this signature in database
GPG key ID: 8271FDFFD9E0CCBD
4 changed files with 109 additions and 83 deletions
Download patch file Download diff file Expand all files Collapse all files

9
install/fs/docker-compose.yml
View file

@ -11,6 +11,7 @@ services:
timeout: "3s" timeout: "3s"
retries: 5 retries: 5
{{if .InstallGerbil}}
gerbil: gerbil:
image: fosrl/gerbil:{{.GerbilVersion}} image: fosrl/gerbil:{{.GerbilVersion}}
container_name: gerbil container_name: gerbil
@ -32,12 +33,20 @@ services:
- 51820:51820/udp - 51820:51820/udp
- 443:443 # Port for traefik because of the network_mode - 443:443 # Port for traefik because of the network_mode
- 80:80 # Port for traefik because of the network_mode - 80:80 # Port for traefik because of the network_mode
{{end}}
traefik: traefik:
image: traefik:v3.1 image: traefik:v3.1
container_name: traefik container_name: traefik
restart: unless-stopped restart: unless-stopped
{{if .InstallGerbil}}
network_mode: service:gerbil # Ports appear on the gerbil service network_mode: service:gerbil # Ports appear on the gerbil service
{{end}}
{{if not .InstallGerbil}}
ports:
- 443:443
- 80:80
{{end}}
depends_on: depends_on:
pangolin: pangolin:
condition: service_healthy condition: service_healthy

11
install/main.go
View file

@ -41,6 +41,7 @@ type Config struct {
EmailSMTPUser string EmailSMTPUser string
EmailSMTPPass string EmailSMTPPass string
EmailNoReply string EmailNoReply string
InstallGerbil bool
} }
func main() { func main() {
@ -64,7 +65,7 @@ func main() {
} }
if !isDockerInstalled() && runtime.GOOS == "linux" { if !isDockerInstalled() && runtime.GOOS == "linux" {
if shouldInstallDocker() { if readBool(reader, "Docker is not installed. Would you like to install it?", true) {
installDocker() installDocker()
} }
} }
@ -140,6 +141,7 @@ func collectUserInput(reader *bufio.Reader) Config {
config.BaseDomain = readString(reader, "Enter your base domain (no subdomain e.g. example.com)", "") config.BaseDomain = readString(reader, "Enter your base domain (no subdomain e.g. example.com)", "")
config.DashboardDomain = readString(reader, "Enter the domain for the Pangolin dashboard", "pangolin."+config.BaseDomain) config.DashboardDomain = readString(reader, "Enter the domain for the Pangolin dashboard", "pangolin."+config.BaseDomain)
config.LetsEncryptEmail = readString(reader, "Enter email for Let's Encrypt certificates", "") config.LetsEncryptEmail = readString(reader, "Enter email for Let's Encrypt certificates", "")
config.InstallGerbil = readBool(reader, "Do you want to use Gerbil to allow tunned connections", true)
// Admin user configuration // Admin user configuration
fmt.Println("\n=== Admin User Configuration ===") fmt.Println("\n=== Admin User Configuration ===")
@ -340,13 +342,6 @@ func createConfigFiles(config Config) error {
return nil return nil
} }
func shouldInstallDocker() bool {
reader := bufio.NewReader(os.Stdin)
fmt.Print("Would you like to install Docker? (yes/no): ")
response, _ := reader.ReadString('\n')
return strings.ToLower(strings.TrimSpace(response)) == "yes"
}
func installDocker() error { func installDocker() error {
// Detect Linux distribution // Detect Linux distribution
cmd := exec.Command("cat", "/etc/os-release") cmd := exec.Command("cat", "/etc/os-release")

162
server/routers/target/createTarget.ts
View file

@ -123,88 +123,100 @@ export async function createTarget(
); );
} }
// make sure the target is within the site subnet let newTarget: Target[] = [];
if ( if (site.type == "local") {
site.type == "wireguard" && newTarget = await db
!isIpInCidr(targetData.ip, site.subnet!) .insert(targets)
) { .values({
return next( resourceId,
createHttpError( protocol: "tcp", // hard code for now
HttpCode.BAD_REQUEST, ...targetData
`Target IP is not within the site subnet` })
) .returning();
); } else {
} // make sure the target is within the site subnet
if (
// Fetch resources for this site site.type == "wireguard" &&
const resourcesRes = await db.query.resources.findMany({ !isIpInCidr(targetData.ip, site.subnet!)
where: eq(resources.siteId, site.siteId) ) {
}); return next(
createHttpError(
// TODO: is this all inefficient? HttpCode.BAD_REQUEST,
// Fetch targets for all resources of this site `Target IP is not within the site subnet`
let targetIps: string[] = []; )
let targetInternalPorts: number[] = []; );
await Promise.all(
resourcesRes.map(async (resource) => {
const targetsRes = await db.query.targets.findMany({
where: eq(targets.resourceId, resource.resourceId)
});
targetsRes.forEach((target) => {
targetIps.push(`${target.ip}/32`);
if (target.internalPort) {
targetInternalPorts.push(target.internalPort);
}
});
})
);
let internalPort!: number;
// pick a port
for (let i = 40000; i < 65535; i++) {
if (!targetInternalPorts.includes(i)) {
internalPort = i;
break;
} }
}
if (!internalPort) { // Fetch resources for this site
return next( const resourcesRes = await db.query.resources.findMany({
createHttpError( where: eq(resources.siteId, site.siteId)
HttpCode.BAD_REQUEST, });
`No available internal port`
) // TODO: is this all inefficient?
// Fetch targets for all resources of this site
let targetIps: string[] = [];
let targetInternalPorts: number[] = [];
await Promise.all(
resourcesRes.map(async (resource) => {
const targetsRes = await db.query.targets.findMany({
where: eq(targets.resourceId, resource.resourceId)
});
targetsRes.forEach((target) => {
targetIps.push(`${target.ip}/32`);
if (target.internalPort) {
targetInternalPorts.push(target.internalPort);
}
});
})
); );
}
const newTarget = await db let internalPort!: number;
.insert(targets) // pick a port
.values({ for (let i = 40000; i < 65535; i++) {
resourceId, if (!targetInternalPorts.includes(i)) {
protocol: "tcp", // hard code for now internalPort = i;
internalPort, break;
...targetData }
}) }
.returning();
// add the new target to the targetIps array if (!internalPort) {
targetIps.push(`${targetData.ip}/32`); return next(
createHttpError(
HttpCode.BAD_REQUEST,
`No available internal port`
)
);
}
if (site.pubKey) { newTarget = await db
if (site.type == "wireguard") { .insert(targets)
await addPeer(site.exitNodeId!, { .values({
publicKey: site.pubKey, resourceId,
allowedIps: targetIps.flat() protocol: "tcp", // hard code for now
}); internalPort,
} else if (site.type == "newt") { ...targetData
// get the newt on the site by querying the newt table for siteId })
const [newt] = await db .returning();
.select()
.from(newts)
.where(eq(newts.siteId, site.siteId))
.limit(1);
addTargets(newt.newtId, newTarget); // add the new target to the targetIps array
targetIps.push(`${targetData.ip}/32`);
if (site.pubKey) {
if (site.type == "wireguard") {
await addPeer(site.exitNodeId!, {
publicKey: site.pubKey,
allowedIps: targetIps.flat()
});
} else if (site.type == "newt") {
// get the newt on the site by querying the newt table for siteId
const [newt] = await db
.select()
.from(newts)
.where(eq(newts.siteId, site.siteId))
.limit(1);
addTargets(newt.newtId, newTarget);
}
} }
} }

10
server/routers/traefik/getTraefikConfig.ts
View file

@ -151,6 +151,16 @@ export async function traefikConfigProvider(
], ],
}, },
}; };
} else if (site.type === "local") {
http.services![serviceName] = {
loadBalancer: {
servers: [
{
url: `${target.method}://${target.ip}:${target.port}`,
},
],
},
};
} }
} }